net/exabgp: update to version 5.0.8.
Pkgsrc changes:
* Remove now-integrated patch.
* Update PLIST.
* Checksum updates.
Upstream changes:
Version 5.0.8:
* Fix: handle OPEN message with zero capabilities without crashing
Capabilities.unpack() read the parameter type byte before checking
whether the Optional Parameters Length was zero, raising IndexError
when a peer sent an OPEN with no optional parameters at all (a valid
single 0x00 byte payload per RFC 4271). The early-return guard sat
below the offending read so it never helped. Alternative to PR #1375.
Version 5.0.7:
* Fix: send zero-length capabilities in OPEN message (#1371)
[221 lines not shown]
www/chromium: update to 147.0.7727.55
* 147.0.7727.55
This update includes multiple security fixes. Please see the
Chrome Security Page for more information.
[$43000][493319454] Critical CVE-2026-5858: Heap buffer overflow in WebML.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$43000][494158331] Critical CVE-2026-5859: Integer overflow in WebML.
Reported by Anonymous on 2026-03-19
[$11000][486495143] High CVE-2026-5860: Use after free in WebRTC.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[$3000][486927780] High CVE-2026-5861: Use after free in V8.
Reported by 5shain on 2026-02-23
[TBD][470566252] High CVE-2026-5862: Inappropriate implementation in V8.
Reported by Google on 2025-12-21
[TBD][484527367] High CVE-2026-5863: Inappropriate implementation in V8.
Reported by Google on 2026-02-14
[111 lines not shown]
www/esbuild: update to 0.28.0
* 0.28.0
- Add support for with { type: 'text' } imports (#4435)
- Add integrity checks to fallback download path (#4343)
- Update the Go compiler from 1.25.7 to 1.26.1
* 0.27.7
- Fix lowering of define semantics for TypeScript parameter properties (#4421)
kitty: Fix serious bug in the setup.py patch.
Ensure candidates is a tuple, not a string. That single missing comma caused
builds on macOS to traverse the entire file system multiple times as:
for candidate in ('@PREFIX@/share/fonts/')
expands to e.g. ['/', 'o', 'p', 't', '/', ...], whereas:
for candidate in ('@PREFIX@/share/fonts/',)
correctly expands to e.g. ['/opt/pkg/share/fonts'].
iperf3: updated to 3.21
iperf-3.21 includes support for GSO and GRO under Linux, improves feature
parity for macOS, and adds a number of minor bugs and enhancements. More
details on the changes can be found in the release notes.
catch2: updated to 3.14.0
3.14.0
Fixes
Added missing <cstdint> includes.
Fixed suppression of empty variadic macro arguments warning on Clang <19.
Fixed catch_discover_tests failing during PRE_TEST discovery if a target does not have discoverable tests.
Fixed build of the main library failing with CATCH_CONFIG_PREFIX_ALL defined.
JUnit reporter outputs single failed (errored/skipped) assertion per test case.
Improvements
The default implementation of --list-tags and --list-listeners has a quiet variant.
Suppressed the new Clang warning about __COUNTER__ usage.
Line-wrapping counts utf-8 codepoints instead of bytes.
Combining character sequences are still miscounted, but Catch2 does not aim to fully support Unicode.
lazygit: updated to 0.61.0
0.61.0
Features
Show pull requests against branches
Enhancements
Add support for clicking on arrows in the file list to expand/collapse directories
Remove empty directories after discarding untracked files
Make file sort order and case sensitivity configurable, and default to mix files and folders
Allow customizing the window width/height thresholds for when to use portrait mode
Log hashes of local branches when deleting them
Add condition field to custom command prompts
Fixes
[6 lines not shown]